CVE-2023-26987

EUVD-2023-30777
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
konga_projectkonga
0.14.9
𝑥
= Vulnerable software versions
References
https://docs.google.com/document/d/14DYoZfKN__As8gBXMFae7wChKJXpmbuUdMn2Gf803Lw
https://docs.google.com/document/d/14DYoZfKN__As8gBXMFae7wChKJXpmbuUdMn2Gf803Lw/edit
https://github.com/redteambrasil/nuclei-templates
https://docs.google.com/document/d/14DYoZfKN__As8gBXMFae7wChKJXpmbuUdMn2Gf803Lw
https://docs.google.com/document/d/14DYoZfKN__As8gBXMFae7wChKJXpmbuUdMn2Gf803Lw/edit
https://github.com/redteambrasil/nuclei-templates